Skip to main content

Zendesk hacked – Tumblr, Pinterest, Twitter user email addresses stolen

zendesk
Zendesk

Tumblr has sent out emails to its users notifying them of a security breach. However, the issue isn’t Tumblr’s system’s fault, as the hack can be traced back to Zendesk, the email and contact support client that Tumblr and a handful of other social applications use.  Pinterest and Twitter are also suffering at the Zendesk security failure. 

The security vulnerability has been patched up already, Zendesk wrote in a blog post. But the damage has been done already: The hacker downloaded the email addresses of people who emailed Twitter, Tumblr, and Pinterest support. The only silver lining is that users’ passwords are safe and sound.

Recommended Videos

If you’re a Tumblr user and ever contacted its support team via email in the past 2.5 years since Tumblr has been using Zendesk Tumblr says that there’s a good chance that you’ve been affected. These are the warning words Tumblr had for users. 

“This (security breach) has potentially exposed records of subject lines and, in some cases, email addresses of messages sent to Tumblr Support. While much of this information is innocuous, please take some time today to consider the following:

The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address.

Any other information included in the subject lines of emails you’ve sent to Tumblr Support may be exposed. We recommend you review any correspondence you’ve addressed to support@tumblr.com, abuse@tumblr.com, dmca@tumblr.com, legal@tumblr.com, enquiries@tumblr.com, or lawenforcement@tumblr.com.

Tumblr will never ask you for your password by email. Emails are easy to fake, and you should be suspicious of unexpected emails you receive.”

The last point is critical. Phishing is a common attack conducted via email to dupe recipients into clicking on malicious links, opening up tainted attachments, or asking them to divulge personal information. Now any emails you might receive that look similar to a Tumblr address but seem suspicious for whatever reasons should be approached with serious caution. The email that Pinterest and Twitter has sent out also reaffirms that its users shouldn’t divulge their account information, especially passwords.

Fortunately for Twitter, the social network is using DMARC, Domain-based Message Authentication, so that email providers including AOL, Gmail, Outlook, and Yahoo! Mail, can flag and delete any emails that are trying to mimic a company’s real email address. So if you’ve emailed Twitter support before, the hacker probably has access to your email address, but with DMARC in place, any efforts to contact and phish for your information should be curbed. Let’s just hope that Tumblr and Pinterest follow suit.

Topics
Francis Bea
Former Digital Trends Contributor
Francis got his first taste of the tech industry in a failed attempt at a startup during his time as a student at the…
A new Twitter feature could separate the lurkers from the super-users
A Twitter logo graphic.

Twitter is apparently working on a new profile page feature that is both useful and annoyingly indiscreet.

According to a screenshot tweeted on Thursday by Jane Manchun Wong, Twitter has yet another in-progress feature -- this time, it's a tiny bit of text located just under the Tweets tab on a user's profile page. But this text tells everyone something you may not want others to know, which is how often you tweet.

Read more
Major Twitter hack in 2020 results in another arrest
A lot of white Twitter logos against a blue background.

Police in Spain have arrested a 22-year-old British man in connection with a major Twitter hack last year that targeted high-profile accounts as part of a Bitcoin scam.

Joseph O’Connor was picked up by police in the resort town of Estepona about 280 miles south of Madrid following a request by the U.S. authorities to detain the alleged hacker, the Department of Justice (DoJ) revealed on Wednesday, July 21. O’Connor’s detention follows other arrests made last year in connection with the case.

Read more
Twitter is testing an ‘undo send’ feature for paid users
A lot of white Twitter logos against a blue background.

We've all hurriedly typed up and sent out a tweet, only to realize as soon as it's posted that it has a typo. And we've all had the urge to tweet something snarky or ill-advised, only to think better of it at the last minute. Now, Twitter is experimenting with a new feature to save users from these dilemmas -- but it will only be available for paid users.

Twitter is testing out an "undo send" function that would allow users to put a stop to their tweets before they are sent. Details are scarce, but it seems that it would work by introducing a small delay between a user hitting post and their tweet actually appearing on their timeline. In this window, they could use the undo send function if they want to edit their tweet or if they decide against posting it.

Read more